Image sending apparatus and authentication method in image sending apparatus

ABSTRACT

An image sending apparatus includes a first authentication unit configured to perform processing for first authentication to authenticate a user, a storage unit configured to store authentication information used when the first authentication unit authenticates the user, a sending unit capable of sending image data by a plurality of kinds of sending methods, a destination setting unit configured to set a destination to which the sending unit sends the image data, a second authentication unit configured to perform processing for second authentication required for the sending unit to send the image data to the destination set by the destination setting unit, and a determination unit configured to determine whether to use the authentication information stored in the storage unit when the second authentication unit performs the processing for the second authentication, based on the sending method by which the sending unit sends the image data to the destination.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an image sending apparatus requiringauthentication for use of the apparatus and a function provided therein,and an authentication method in the image sending apparatus.

2. Description of the Related Art

There is known an image sending apparatus allowing an authenticated userto use a specific function provided in the apparatus such as the sendfunction or the print function. Hereinafter, the term “functionauthentication” is used to refer to user authentication performed toallow or limit use of a specific function provided in an apparatus.

Further, some image sending apparatuses have the function of sendingimage data to a network folder (shared folder) with use of the ServerMessage Block (SMB) protocol or another protocol. When a user uses thisfunction of an image sending apparatus, authentication to access aspecified folder may be required of the user, depending on the settingof a file server that offers the network folder.

On the other hand, for example, there is known the Single Sign-On(hereinafter referred to as “SSO”) technique used in a personalcomputer, as a technique for enabling authentication required at a loginto use a personal computer, to be automatically inherited toauthentication required to access a folder. Use of this technique alsoenables the device authentication or the function authentication in animage sending apparatus to be inherited to authentication for aspecified folder.

Further, even without use of the SSO technique, it is possible toapparently emulate the SSO technique by applying the technique forpresetting a username and password used in prior authentication, to ascreen of later authentication, as discussed in Japanese PatentApplication Laid-Open No. 2003-186849.

In most cases, the SSO technique is interactively used at a personalcomputer. If a user is successfully authenticated in authenticationprocessing to log in a personal computer but fails to be authenticatedin later authentication to access a folder, the personal computerdisplays an authentication screen prompting the user to enter a usernameand password at this time. Then, the user can enter a correct usernameand password to access the folder when the screen is displayed. On theother hand, when performing the send function at an image sendingapparatus, first, a user sets destinations and authenticationinformation for each destination, and then later, the personal computerperforms authentication processing and send processing for eachdestination. Therefore, it is highly likely that a user does not stay infront of an image sending apparatus when authentication fails in thesend processing that is performed at a later time. Obviously, it isimpossible to enter correct authentication information without presenceof the user in front of the image sending apparatus.

Further, the above-mentioned application of the technique discussed inJapanese Patent Application Laid-Open No. 2003-186849 requires a displayof an authentication screen and presetting of the username and passwordentered in the prior authentication to the authentication screen eachtime a destination is specified. If login authentication andauthentication to access a certain folder are managed in an integratedfashion, a user should be rather annoyed by the authentication screenappearing every time. Examples of this situation include image sendingbased on the function authentication performed by a LightweightDirectory Access Protocol (LDAP) server to allow use of the sendfunction, and acquisition of a folder path associated with thisauthentication from the same LDAP server to use the folder path as asend destination.

Further, it is possible that a folder shared by all users is registeredin an address book together with a public username and a password, and asystem administrator wants this registered information to be just usedas it is for the send authentication when that folder is selected as asend destination. Conversely, another possible situation that, althougha shared folder is registered in an address book, a system administratorwants a user to access that folder by using the username specified inthe function authentication for the send function. In this way,uniformly setting whether to inherit authentication does not necessarilyimprove efficiency of user authentication.

SUMMARY OF THE INVENTION

The image sending apparatus according to the present invention providesan image sending apparatus enabling settings about whether to inheritauthentication information for image sending and whether to display ascreen for inputting authentication information according to a kind ofdestination or a destination setting method. According to the imagesending apparatus of the present invention, it is possible to selectsettings about whether to inherit authentication information for imagesending and whether to display a screen for inputting authenticationinformation according to a kind of destination or a destination settingmethod.

According to an aspect of the present invention, an image sendingapparatus includes a first authentication unit configured to performprocessing for first authentication to authenticate a user, a storageunit configured to store authentication information used when the firstauthentication unit authenticates the user, a sending unit capable ofsending image data by a plurality of kinds of sending methods, adestination setting unit configured to set a destination to which thesending unit sends the image data, a second authentication unitconfigured to perform processing for second authentication required forthe sending unit to send the image data to the destination set by thedestination setting unit, and a determination unit configured todetermine whether to use the authentication information stored in thestorage unit when the second authentication unit performs the processingfor the second authentication, based on the sending method by which thesending unit sends the image data to the destination. In the imagesending apparatus, the second authentication unit selectively performsthe processing for the second authentication with use of theauthentication information stored in the storage unit, or the processingfor the second authentication without use of the authenticationinformation stored in the storage unit, according to the determinationmade by the determination unit.

Further features and aspects of the present invention will becomeapparent from the following detailed description of exemplaryembodiments with reference to the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of the specification, illustrate exemplary embodiments, features,and aspects of the invention and, together with the description, serveto explain the principles of the invention.

FIG. 1 illustrates an example of a system configuration including animage sending apparatus (multi function peripheral (MFP)).

FIG. 2 is a block diagram illustrating an example of a hardwareconfiguration of the MFP.

FIG. 3 is a flowchart illustrating an example of send authenticationprocessing and send destination setting processing in a first exemplaryembodiment.

FIG. 4 is a flowchart illustrating an example of the send destinationsetting processing.

FIG. 5 illustrates an example of a context.

FIG. 6 is a flowchart illustrating an example of processing of settingauthentication information for anew file destination.

FIG. 7 is a flowchart illustrating an example of processing of settingauthentication information to send data to user's own folder.

FIG. 8 is a flowchart illustrating each-time processing and inheritanceprocessing for a file destination in a destination table.

FIGS. 9A and 9B illustrate examples of a screen prompting a user toenter a username and a password for sending data to a new destination.

FIGS. 10A and 10B illustrate examples of a screen prompting a user toenter a username and a password for sending data to the user's ownfolder.

FIGS. 11A and 11B illustrate examples of a screen prompting a user toenter a username and a password for sending data to a destinationselected from the destination table.

FIG. 12 illustrates an example of a setting screen for settingauthentication setting information.

FIG. 13 illustrates an example of a destination list.

FIG. 14 illustrates an example of the destination list after completionof setting of authentication information.

DESCRIPTION OF THE EMBODIMENTS

Various exemplary embodiments, features, and aspects of the inventionwill be described in detail below with reference to the drawings.

FIG. 1 illustrates an example of a system configuration including animage sending apparatus (MFP) according to a first exemplary embodiment.

A multi function peripheral (MFP) 200, which is an example of an imagesending apparatus, is connected to a Lightweight Directory AccessProtocol (LDAP) server 300 via a local area network (LAN) 100. The MFP200 is a multi-function image processing apparatus provided withmultiple functions such as the copy function, the print function, andthe image send function. The image send function of the MFP 200 is afunction of sending image data obtained by, for example, scanning anoriginal document to a destination. The image send function can sendimage data by a plurality of kinds of sending methods. The image sendfunction of the MFP 200 according to the present exemplary embodimentcan send image data via an electronic mail, a file transfer under SMB,and a file transfer under File Transfer Protocol (FTP), as the kinds ofsending methods.

The MFP 200 realizes user authentication when a user uses the sendfunction, which will be described later, by communicating with the LDAPserver 300 under a predetermined protocol. This protocol is a knowntechnique, and therefore will not be described in detail herein. TheLDAP server 300 is an example of an authentication server.Alternatively, the MFP 200 may be equipped with a user authenticationmeans. In this case, the LDAP server 300 may be omitted.

FIG. 2 is a block diagram illustrating an example of a hardwareconfiguration of the MFP 200.

The MFP 200 includes a central processing unit (CPU) 201, a read onlymemory (ROM) 202, a random access memory (RAM) 203, a network interfacecard (NIC) 204, an external input controller (PANELC) 205, and variousbuttons and a touch panel (PANEL) 206. The MFP 200 further includes adisplay controller (DISPC) 207, a display (DISPLAY, display unit) 208, adisk controller (DKC) 209, a hard disk (HD) 210, a printer unit(PRINTER) 211, and a scanner unit (SCANNER) 212.

The CPU 201 is in charge of overall control of devices connected to asystem bus 213, and execution of firmware modules stored in the ROM 202,or the HD 210 which is a mass storage device. As the firmware modules,there are at least two modules. Updating the firmware modules can beexecuted individually for each module.

Further, the CPU 201 performs the processing illustrated in theflowcharts that will be described later, based on the firmware modulesas the control programs. In some cases, the HD 210 may be also used as aspace for temporarily storing an image. The RAM 203 functions as a mainmemory and a work area of the CPU 201. In the present exemplaryembodiment, the single CPU 201 executes various programs, but aplurality of CPUs may execute those programs in collaboration with eachother.

The PANELC 205 controls an instruction input from the PANEL 206 providedto the MFP 200. The PANEL 206 includes various kinds of buttons, keys, atouch panel sheet, and the like, and constitutes an operation unit ofthe MFP 200. A DISPC 207 controls image drawing on the DISPLAY 208. TheDISPLAY 208 is constituted by, for example, a liquid crystal display,and displays an operation screen of the MFP 200. The operation unit ofthe MFP 200 is constituted by the PANEL 206 and the DISPLAY 208.

The NIC 204 is in charge of exchanges of data with another MFP, a fileserver (not illustrated), or the LDAP server 300 via the LAN 100. ThePRINTER 211 forms an image on a recording sheet by theelectrophotographic method. The SCANNER 212 reads an image printed on arecording sheet. The SCANNER 212 is equipped with a not-illustrated autodocument feeder, and thereby can automatically read a plurality ofdocuments.

The MFP 200 according to the present exemplary embodiment is configuredto perform the device authentication and the send authentication. Thesend authentication is an example of the function authentication. Thedevice authentication is realized by storage of an authentication tablecontaining department IDs and passwords in the HD 210 of the MFP 200,and a check of a department ID and a password input by a user againstthe table. For the send authentication, the MFP 200 communicates withthe LDAP server 300 via the LAN 100 to authenticate a user. In thepresent exemplary embodiment, a user authenticated by the deviceauthentication is allowed to use the copy function and the printfunction of the MFP 200. Further, a user authenticated by the sendauthentication is allowed to use the send function of the MFP 200. Ineach of the device authentication and the send authentication, if a userdoes not operate the PANEL 206 for a predetermined time after the useris authenticated (after the user logs in), the authentication status ischanged from an authenticated status to a unauthenticated status (logoutstatus). This “predetermined time” is set to the NFP 200 in advance, anda timer (auto-logout timer) in the form of software counts this time.The auto-logout timer may be embodied in the form of hardware. In thiscase, when the auto-logout timer detects that the predetermined time haspassed, an interrupt signal is issued to the CPU 201.

FIG. 3 is a flowchart illustrating an example of send authenticationprocessing and send destination selection processing in the presentexemplary embodiment.

In the present exemplary embodiment, the term “inherit authenticationinformation” or the more simple term “inherit” is used to refer toutilization of authentication information (context) such as a username(or a user identification (ID)) and a password entered for the sendauthentication, for other authentication processing that is performed ata later time. In this way, the term “inheritance authentication” is usedto refer to use of authentication information used in priorauthentication processing, for other authentication processing that isperformed at a later time. On the other hand, the term “each-time” isused herein in such a manner that “each-time” display means a display ofan input screen for entering authentication information at the time ofauthentication processing different from the send authentication that isperformed after the send authentication to prompt a user to enterauthentication information once more. In this regard, in the presentexemplary embodiment, the term “each-time authentication” is used torefer to requiring a user to enter authentication information for eachauthentication processing as mentioned above. The MFP 200 can evenemploy both the “each-time” method and the “inheritance” method. In thiscase, the MFP 200 displays a screen for entering authenticationinformation when later authentication processing is performed. Then, theinherited authentication information is set (preset) on this displayedscreen as an initial value thereof.

A program required for execution of the send authentication processingand the send destination selection processing illustrated in theflowchart of FIG. 3 is stored in the HD 210 together with the otherprograms. The program stored in the HD 210 is developed into the RAM 203when the power source of the MFP 200 is turned on. Then, authenticationof a user by the device authentication enables the CPU 201 to carry outthe flowchart of FIG. 3. The processing of the flowcharts that will bedescribed later is also developed into the RAM 203 and carried out bythe CPU 201 in the same manner.

First, in step S3-001, the CPU 201 displays, on the DISPLAY 208, ascreen prompting an input of a username and a password required for thesend authentication. Next, the CPU 201 receives the username and thepassword that the user enters by operating the PANEL 206, and waits alogin request for the send authentication. Upon a reception of the loginrequest, the CPU 201 accesses the LDAP server 300 via the LAN 100. Morespecifically, the CPU 201 requests the authentication by sending theentered username and password to the LDAP server 300 with use of apredetermined protocol. Upon a reception of the request, the LDAP server300 checks the received username and password, and returns theauthentication result to the MFP 200. After the MFP 200 receives theauthentication result from the LDAP server 300, the processing proceedsto step S3-002.

In step S3-002, the CPU 201 determines whether the authentication resultof the send authentication received from the LDAP server 300 indicatesthat the user can be successfully authenticated. If the authenticationresult indicates that the user can be successfully authenticated (YES instep S3-002), the processing proceeds to step S3-003. If not (NO in stepS3-002), a send authentication failure is displayed on the DISPLAY 208,and the processing returns to step S3-001.

In step S3-003, the CPU 201 acquires the directory information of theauthenticated user from the LDAP server 300. More specifically, the CPU201 requests a search for the homeDirectory property value of theauthenticated user from the LDAP server 300, and acquires the searchresult. This process enables the CPU 201 to locate the home directorythat is a storage area assigned to the authenticated user. After that,the CPU 201 stores the username and the password used in the sendauthentication, the Internet Protocol (IP) address of the LDAP server300, the folder path to the home directory, and the like in the RAM 203as a context 5000 in such a manner that these pieces of data areassociated with one another.

FIG. 5 illustrates an example of a context 5000. The context 500 is anexample in which a user is authenticated by the LDAP server 300 with useof the username “ikeda” and the password “password”. Further,“\home\ikeda” is acquired as the homeDirectory property value. Thecontext 5000 illustrated in FIG. 5 does not contain a server name in theproperty value. In this case, the IP address of the LDAP server 300“\\192.168.0.1” is set as the IP address of the server where the homedirectory exists. This means that, in the example illustrated in FIG. 5,the home directory of the authenticated user exists in the LDAP server300.

Next, the processing proceeds to step S3-004. In step S3-004, the CPU201 displays, on the DISPLAY 208, a send operation screen, and buttonsfor an operation such as setting a reading resolution and switchingbetween one-sided reading and two-sided reading. Then, the CPU 201receives various kinds of settings for an image sending operation.Further, the CPU 201 receives an operation for setting a senddestination. The detailed flow of the send destination setting will bedescribed later.

After completion of the send destination setting, the processingproceeds to step S3-005. If authentication is necessary to access one ormore set destinations, the CPU 201 performs the “each time” processingand the “inheritance” processing with respect to the authenticationinformation (context). If the authentication information is inherited,the context 5000, which is obtained by performing the sendauthentication, is inherited. The details thereof will be describedlater. When all destinations are established, the processing proceeds tostep S3-006.

In step S3-006, the SCANNER 212 reads an original document placed on theSCANNER 212 illustrated in FIG. 2. After completion of the reading, theCPU 201 creates a send job by associating the read data with all of theestablished destinations, and inputs the send job into a queue for thesend processing. Then, the processing proceeds to step S3-007.

In step S3-007, the CPU 201 checks the user's selection about whetherthe user wants to continue the destination setting processing. If theuser selects to continue the destination setting processing (YES in stepS3-007), the processing returns to step S3-004. If the user selects toend the destination setting processing to log out from the sendauthentication (NO in step S3-007), the processing proceeds to stepS3-008.

In step S3-008, the CPU 201 discards (ends) the send authentication.More specifically, the CPU 201 deletes the context 5000 that is storedin the RAM 203 in step S3-003. Then, the present flowchart is ended.

FIG. 4 is a flowchart illustrating an example of the send destinationsetting processing performed in step S3-004.

In step S4-001, the CPU 201 displays a screen for setting a senddestination on the PANEL 206, and receives the user's setting of senddestination. At this time, the CPU 201 receives any of an instructionindicating that the user selects a specific destination fromdestinations displayed in a destination table, an instruction indicatingthat the user enters a new destination, and an instruction indicatingthat the user wants to “send data to the user's own folder”. Then, theprocessing proceeds to step S4-002.

In step S4-002, the CPU 201 determines whether one or more destinationsare set, and the setting and selection of send destination arecompleted. If the destination setting is completed (YES in step S4-002),the present flowchart is ended. More specifically, an operation screenfor setting the destination is displayed on the PANEL 206, and thisoperation screen contains a “COMPLETE” button for issuing an instructionto complete a destination setting operation. When the user presses the“COMPLETE” button, the present flowchart is ended.

If not (NO in step S4-002), the processing proceeds to step S4-003.

In step S4-003, the CPU 201 checks the protocol to be used for sendingimage data to the selected destination. Examples of the protocol includea protocol for a file transfer (SMB, FTP), and an electric mail (SimpleMail Transfer Protocol (SMTP)). If image data is sent to a shared folderas a destination with use of the SMB protocol, authentication may berequired in order to access to the folder. Alternatively, if image datais sent to an FTP server as a destination with use of the FTP protocol,authentication may be required in order to access the FTP server.Further alternatively, if an electric mail with image data attachedthereto is sent to an electric mail address as a destination,authentication may be required at the SMTP server. The MFP 200 accordingto the present exemplary embodiment can offer the following two inputmethods as a method of inputting authentication information (usernameand password) for authentication required in order to send image data toa destination. One of them is a method of requesting a user to inputauthentication information each time the user selects a send destination(each-time authentication). The other is a method of usingauthentication information (context 5000) used in the sendauthentication (inheritance authentication). The MFP 200 is configuredsuch that a user or an administrator can set an authentication method inadvance as to whether to perform the each-time authentication or theinheritance authentication when a user selects a send authentication andis required to undergo authentication. The setting about theauthentication method is stored in, for example, the HD 210 as settinginformation.

Next, the processing proceeds to step S4-004 in which the CPU 201 checksthe type of the selected destination.

If the selected destination is a destination registered in thedestination table (FILE IN DESTINATION TABLE in step S4-004), theprocessing proceeds to step S4-005. If the selected destination is adestination that user newly enters (FILE OF NEW DESTINATION in stepS4-004), the processing proceeds to step S4-006. If the selecteddestination is the folder of the user authenticated by the sendauthentication (SEND DATA TO USER'S OWN FOLDER in step S4-004), theprocessing proceeds to step S4-008. The destination table (address book)is a table in which send destinations supposed to be used by a userfrequently are registered in advance, and is stored in the HD 210. TheCPU 201 displays a list of the send destinations registered in thedestination table on the DISPLAY 208, and can set the destination thatthe user specifies from the displayed list as a send destination.

In step S4-005, the CPU 201 adds one or more destinations selected fromthe destination table to a destination list, and then the processingreturns to step S4-001. The details of the destination list will bedescribed later.

In step S4-006, the CPU 201 sets the authentication information requiredfor the authentication for sending image data to the newly specifiedfile destination. The details of the inheritance processing will bedescribed later. Then, the processing proceeds to step S4-007.

In step S4-007, the CPU 201 adds the newly specified file destination tothe destination list, and then the processing returns to step S4-001.

Step S4-008 is performed when the user decides in step S4-004 to senddata to the user (which means “me” for this user) authenticated by thesend authentication. The destination of the user authenticated by thesend authentication is the folder of the home folder which is set to theuser authenticated by the send authentication based on the directoryinformation contained in the context 5000 acquired from the LDAP server300. Therefore, the image data is sent to the home folder. In stepS4-008, the CPU 201 sets the authentication information to access thishome folder. Then, the processing proceeds to step S4-009.

In step S4-009, the CPU 201 adds the destination of the authenticateduser (the home folder of this user) to the destination list, and theprocessing returns to step S4-001.

The destination of the authenticated user is not limited to the homefolder of the user, and may be another type of destination informationsuch as the electric mail address of the user.

FIG. 6 is a flowchart illustrating an example of the processing ofsetting authentication information for a new file destination performedin step S4-006 illustrated in FIG. 4.

In step S6-001, the CPU 201 checks the setting of the authenticationmethod applied to a new destination by referring to the authenticationsetting information stored in the HD 210. The details of theauthentication setting information will be described later. If thesetting is to inherit the authentication information for a newdestination (YES in step S6-001), the processing proceeds to stepS6-002, and if not (NO in step S6-001), the processing proceeds to stepS6-004.

In step S6-002, the CPU 201 displays a screen prompting the user toenter authentication information such as a username and a password onthe DISPLAY 208. Then, the CPU 201 presets the username and the passwordstored in the context 5000 into the input fields of username andpassword.

FIG. 9A illustrates an example of the screen displayed on the DISPLAY208 in step S6-002. FIGS. 9A and 9B illustrate examples of the screen onwhich a shared folder under, for example, the SMB protocol, is set as asend destination. The destination is specified by the items “HOST NAME”and “FOLDER PATH” illustrated in FIGS. 9A and 9B, to which, in theexamples illustrated in FIGS. 9A and 9B, the user is supposed to enter anew destination through a manual operation. On the screen illustrated inFIG. 9A, the items “USERNAME” and “PASSWORD” are inherited from thecontext 5000 illustrated in FIG. 5 and preset. In the “PASSWORD” fieldon the screen, the true password stored in context 5000 is replaced withdummy characters (for example, the character “*”), but actually,internal processing presets the true password stored in the context5000. When the authentication to access the folder set as a newdestination requires the same authentication information as theauthentication information for the send authentication, user's operationof setting the authentication information can be simplified bypresetting the authentication information used in the sendauthentication as illustrated in FIG. 9A.

On the other hand, in step S6-004, the CPU 201 displays, on the DISPLAY208, a screen prompting the user to enter the authentication informationsuch as a username and a password. In this case, since theauthentication information is not inherited, the displayed screencontains blank “USERNAME” and “PASSWORD” input fields as illustrated inFIG. 9B. In this case, the user has to enter data to the respectiveinput fields through a manual operation. When the authentication toaccess the folder set as a new destination requires authenticationinformation different from the authentication information for the sendauthentication, the authentication information for the sendauthentication does not have to be preset.

In step S6-003, the CPU 201 receives the user's input and/ormodifications of host name, folder path, username, and/or password. Wheninput completion is notified by pressing of an OK button on the screenillustrated in FIGS. 9A and 9B, the present flowchart is ended.

FIG. 7 is a flowchart illustrating an example of the processing ofsetting authentication information for sending data to user's own folderperformed in step S4-008 in FIG. 4.

In steps S7-001 and S7-002, the CPU 201 checks the setting of theauthentication method for sending data to user's own folder by referringto the authentication setting information stored in the HD 210. First,the CPU 201 checks in step S7-001 whether the each-time authenticationis supposed to be performed. If the setting of performing the each-timeauthentication is selected for sending data to user's own folder (YES instep S7-001), the processing proceeds to step S7-002, and if not (NO instep S7-001), the processing proceeds to step S7-006.

In step S7-002, the CPU 201 checks the setting about whether to perform“inheritance” of the authentication information. If the setting ofinheriting the authentication information is selected for sending datato user's own folder (YES in step S7-002), the processing proceeds tostep S7-003, and if not (NO in step S7-002), the processing proceeds tostep S7-005.

In step S7-003, the CPU 201 displays a screen prompting the user toenter a username and a password on the DISPLAY 208. The username andpassword stored in the context 5000 are preset to the username andpassword input fields.

FIG. 10A illustrates an example of the screen displayed in step S7-003.On the screen illustrated in FIG. 10A, the inherited username andpassword in the context 5000 are input in the username and passwordinput fields as initial values. In the password field on the screen, thetrue password stored in context 5000 is replaced with dummy characters(for example, the character “*”), but actually, internal processingpresets the true password in the context 5000. On the screen illustratedin FIG. 10A, the input fields for the host name and folder pathspecifying the send destination are displayed in gray, which indicatesthat these fields are not to be filled and cannot be edited. As internalprocessing, the values of server and folder path stored in the context5000 illustrated in FIG. 5 are used as the host name and the folderpath.

FIG. 10B illustrates another example of the screen displayed in stepS7-003. The screen illustrated in FIG. 10B is the same as the screenillustrated in FIG. 10A, except for the host name and folder path inputfields of FIG. 10B that are respectively filled with the values ofserver name and folder path stored in the context 5000, and aredisplayed in gray indicating that these fields cannot be edited.

On the other hand, in step S7-005, the CPU 201 displays a screenprompting the user to enter a username and a password on the DISPLAY208. In this case, since the authentication information is not inheritedfrom the send authentication, the CPU 201 displays the same screen asthe screen illustrated in FIG. 10A, except that the screen this timecontains blank username and password input fields. Then, the processingproceeds to step S7-004.

In step S7-004, the CPU 201 receives the user's input and/ormodifications of the username and/or password. Then, when inputcompletion is notified by pressing of the OK button illustrated in FIGS.10A and 10B, the present flowchart is ended.

If the CPU 201 determines in step S7-001 that the setting of notdisplaying the each-time screen is selected for sending data to user'sown folder (NO in step S7-001), the processing proceeds to step S7-006.In step S7-006, without displaying a screen such as the ones illustratedin FIGS. 10A and 10B, the send destination and the authenticationinformation are set by inheriting the server, the folder path, theusername, and the password stored in the context 5000 illustrated inFIG. 5.

FIG. 13 illustrates an example of the destination list. The destinationlist 13 is a list storing destinations that are each determined as asend destination in image sending performed by the MFP 200. Adestination is added to the destination list 13 in steps S4-005, S4-007,and S4-009 illustrated in FIG. 4. FIG. 13 illustrates, by way ofexample, the destination list 13 in which the destinations of Nos. 001and 002 in the destination table are added to idx 1 and 2 in stepS4-005. Further, this destination list 13 indicates that a newdestination having the network folder path “\\share\scan” is added toidx 4 in step S4-007. Further, this destination list 13 indicates thatthe destination for sending a file to the user's own folder is added toidx 3 based on the data in the context 5000 illustrated in FIG. 5 instep S4-009.

FIG. 8 is a flowchart illustrating an example of the processing ofsetting authentication information for a destination selected from thedestination table, which is performed in step S3-005.

In step S8-001, the CPU 201 checks the destination type in thedestination list 13, starting from the first destination (idx 1). If thedestination type is the destination table (FILE IN DESTINATION TABLE instep S8-001), the processing proceeds to step S8-002, and if not (OTHERSin step S8-001), the processing proceeds to step S8-008.

In steps S8-002 and S8-003, the CPU 201 checks the setting of theauthentication method for a destination selected from the destinationtable by referring to the authentication setting information stored inthe HD 210. If the setting of displaying the each-time screen isselected for a destination from the destination table (YES in stepS8-002), the processing proceeds to step S8-003, and if not (NO in stepS8-002), the processing proceeds to step S8-007.

In step S8-003, the CPU 201 checks the setting about whether to inheritthe authentication information used in the send authentication as theauthentication method for a destination selected from the destinationtable, by referring to the authentication setting information. If thesetting of inheriting the authentication information is selected for adestination from the destination table (YES in step S8-003), theprocessing proceeds to step S8-004, and if not (NO in step S8-003), theprocessing proceeds to step S8-006.

In step S8-004, the CPU 201 displays a screen prompting the user toenter a username and a password on the DISPLAY 208, and presets theusername and the password stored in the context 5000 illustrated in FIG.5 to the username and password input fields.

FIG. 11A illustrates an example of the screen displayed on the DISPLAY208 in step S8-004. The username stored in the context 5000 is preset tothe username field. Further, in the password field on the screen, thetrue password stored in context 5000 is replaced with dummy characters(for example, the character “*”), but actually, internal processingpresets the true password in the context 5000.

On the other hand, in step S8-006, the CPU 201 displays a screenprompting the user to enter authentication information such as ausername and a password on the DISPLAY 208. In this case, since theauthentication information is not inherited, the CPU 201 displays ascreen containing blank “USERNAME” and “PASSWORD” input fields, asillustrated in FIG. 11B. In this case, the user has to enter data intothe respective input fields through a manual operation.

In step S8-005, the CPU 201 receives the user's inputs and/ormodifications of username and/or password. Then, when input completionis notified by pressing of the OK button illustrated in FIGS. 11A and11B, the processing proceeds to step S8-008.

If the CPU determines in step S8-002 that the setting of not displayingthe each-time screen is selected for a destination from the destinationtable (NO in step S8-002), the processing proceeds to step S8-007. Instep S8-007, the CPU 201 does not display the screen as illustrated inFIGS. 11A and 11B, and uses the username and the password registered inthe destination table without any modification. Then, the processingproceeds to step S8-008.

In step S8-008, the CPU 201 checks whether the currently processeddestination is the last idx in the destination list. If the currentlyprocessed destination is the last idx in the destination list (YES instep S8-008), the present flowchart is ended. If not (NO in stepS8-008), the idx is incremented by one, and the processing returns toS8-001.

FIG. 14 illustrates an example 14 of the destination list aftercompletion of setting of the authentication information for thedestinations in the destination table by the processing illustrated inthe flowchart of FIG. 8 (immediately before the destination list is putin the send processing queue as a job). The usernames and passwordsstored in the context 5000 are set to the usernames and passwords ofidx1 and idx2 in FIG. 14. This example indicates that the setting ofdisplaying the each-time screen is selected (YES in step S8-002) and thesetting of inheriting the authentication information for the sendauthentication is selected (YES in step S8-003) for a destination fromthe destination table.

FIG. 12 illustrates an example of an authentication method settingscreen to be displayed on the DISPLAY 208 so that a user oradministrator can set the authentication setting information.

A SETTING CHANGE button 1202 is a button for selecting the settingsrequired for SNIP authentication. When the SETTING CHANGE button 1202 ispressed, the DISPLAY 208 shows a not-illustrated screen for selectingdetailed settings for SNIP authentication. This screen allows a user toenable/disable SNIP authentication, and set authentication informationsuch as a username and a password if SMTP authentication is enabled.

Radio buttons 1204 to 1208 are buttons allowing selections about theauthentication method when a user sends image data via an electric mail.The radio button 1204 is a button for a selection of inheriting theauthentication information (context 5000) used in the sendauthentication, and presetting the authentication information used inthe send authentication on the screen for inputting authenticationinformation, when a user sends image data via an electric mail. Theradio button 1206 is a button for a selection of not inheriting theauthentication information used in the send authentication, anddisplaying blank fields for inputting authentication information on thescreen for inputting the authentication information, when a user sendsimage data via an electric mail. The radio button 1208 is a button for aselection of using the authentication information unique to theapparatus, i.e., the username and the password for SMTP authenticationset by pressing of the SETTING CHANGE button 1202, and not displaying ascreen for inputting authentication information, when a user sends imagedata via an electric mail.

Radio buttons 1210 to 1224 are buttons allowing selections about theauthentication methods when a user sends image data with use of the SMBprotocol or the FTP protocol. There are prepared radio buttons forsetting the authentication methods in such a manner that theauthentication methods are associated with the destination settingmethods when a user sends image data with use of the SMB protocol or theFTP protocol.

The radio button 1210 is a button for a selection of inheriting theauthentication information (context 5000) used in the sendauthentication, and presetting the authentication information used inthe send authentication on the screen for inputting authenticationinformation, when the destination to which image data is sent is a newdestination that is not selected from the destination table. The radiobutton 1212 is a button for a selection of not inheriting theauthentication information used in the send authentication, anddisplaying blank fields for inputting authentication information on thescreen for inputting the authentication information, when thedestination to which image data is sent is a new destination.

The radio button 1214 is a button for a selection of inheriting theauthentication information (context 5000) used in the sendauthentication, and presetting the authentication information used inthe send authentication on the screen for inputting authenticationinformation, when a user sends image data to a destination selected fromthe destination table. The radio button 1216 is a button for a selectionof not inheriting the authentication information used in the sendauthentication, and displaying blank fields for inputting authenticationinformation on the screen for inputting the authentication information,when a user sends image data to a destination selected from thedestination table. The radio button 1218 is a button for a selection ofusing the authentication information registered in the destinationtable, and not displaying a screen for inputting authenticationinformation, when a user sends image data to a destination selected fromthe destination table.

The radio button 1220 is a button for a selection of inheriting theauthentication information (context 5000) used in the sendauthentication, and presetting the authentication information used inthe send authentication on the screen for inputting authenticationinformation, when a user sends image data to the user's own folder. Theradio button 1222 is a button for a selection of not inheriting theauthentication information used in the send authentication, anddisplaying blank fields for inputting authentication information on thescreen for inputting the authentication information, when a user sendsimage data to the user's own folder. The radio button 1224 is a buttonfor a selection of using the authentication information (context 5000)used in the send authentication, and not displaying the screen forinputting authentication information, when a user sends image data tothe user's own folder. In this way, the MFP 200 is configured so as toenable a user to set a desired authentication method for each of thesend protocols that the MFP 200 supports (SMTP, SMB/FTP in the presentexemplary embodiment), and further, for each of the destinationselection methods. The selections set on the screen illustrated in FIG.12 are stored in the HD 210 as the authentication setting information bypressing of a not-illustrated OK button.

The authentication setting information set on the setting screenillustrated in FIG. 12 and stored in the HD 210 is referred to when theCPU 201 makes a determination in step S6-001 in FIG. 6, steps S7-001 andS7-002 in FIG. 7, and steps S8-002 and S8-003 in FIG. 8. The radiobuttons grouped by “new destination”, “destination table”, and “senddata to user's own folder” are controlled in such a manner that only onebutton can be selected for each group.

According to the present exemplary embodiment as mentioned above, theMFP 200 enables a user to arbitrarily switch whether to inherit theauthentication information and whether to display the authenticationscreen according to a kind of selected destination and a selecteddestination setting method.

The present exemplary embodiment has been described, focusing on thesend authentication by the LDAP server 300 as one example of thefunction authentication. However, the present exemplary embodiment isnot limited to the function authentication. For example, theauthentication information used in the device authentication may be usedas the above-mentioned context 5000. Further, the send authenticationmay be performed by the MFP 200, instead of the LDAP server 300. Forexample, such a configuration can be realized by storing a tablecontaining usernames and passwords in the HD 210 of the MFP 200, andchecking a username and a password entered on an authentication screenagainst this table.

Further, the present exemplary embodiment is configured in such a mannerthat the each-time processing and the inheritance processing for a filedestination in the destination table is performed after establishment ofa destination selection. However, the each-time processing and theinheritance processing may not be performed after destinationestablishment. For example, steps S8-001 and S8-008 may be removed fromthe processing illustrated in FIG. 8 and the each-time processing andthe inheritance processing may be performed before step S4-005 in FIG.4. By this modification, the same effects can be achieved even if thedestination list illustrated in FIGS. 13 and 14 does not contain theitem of destination type. On the contrary, the each-time processing andthe inheritance processing for “send data to user's own folder”illustrated in FIG. 7 may be performed at the same timing as the timingof the each-time processing and the inheritance processing for a filedestination in the destination table in the first exemplary embodiment,and this modification can provide the same effects as the effects of thefirst exemplary embodiment. In this case, however, the processingillustrated in FIG. 7 should additionally have a step similar to stepS8-001 (step of determining whether the destination is “send data touser's own folder”), and a step corresponding to step S8-008.

Further, as illustrated in FIG. 12, the present exemplary embodiment isconfigured in such a manner that the authentication method can beselected for each of the three destination setting methods, i.e., “newdestination”, “destination table”, and “send data to user's own folder”.However, for example, if the MFP 200 is provided with the functionenabling a selection of a destination from the past send history, orenabling a selection of a destination from a routine work registered inadvance, the MFP 200 may be configured in such a manner that theauthentication method can be also set for each of those destinationsetting methods. As a result, it is possible to offer more flexiblecombinations of “each-time” and “inheritance” to a user.

Further, in the first exemplary embodiment, “each-time” and“inheritance” is applied to the authentication to access a folder in afile transfer. However, “each-time” and “inheritance” may be applied toanother authentication that is not folder authentication. For example,“each-time” and “inheritance” can be applied to SNIP authentication forsending an electronic mail. More specifically, the same effects can beobtained by individually setting “each-time” and “inheritance” to SNIPauthentication in normal electric mail sending in which a user selects adestination, and to SNIP authentication when a send result is notifiedto a specific destination by an electric mail. Further, “each-time” and“inheritance” about SMTP authentication may be switched according toelectronic mail or I-Fax.

Other Embodiments

Aspects of the present invention can also be realized by a computer of asystem or apparatus (or devices such as a CPU or MPU) that reads out andexecutes a program recorded on a memory device to perform the functionsof the above-described embodiment (s), and by a method, the steps ofwhich are performed by a computer of a system or apparatus by, forexample, reading out and executing a program recorded on a memory deviceto perform the functions of the above-described embodiment(s). For thispurpose, the program is provided to the computer for example via anetwork or from a recording medium of various types serving as thememory device (e.g., computer-readable medium).

While the present invention has been described with reference toexemplary embodiments, it is to be understood that the invention is notlimited to the disclosed exemplary embodiments. The scope of thefollowing claims is to be accorded the broadest interpretation so as toencompass all modifications, equivalent structures, and functions.

This application claims priority from Japanese Patent Application No.2010-101303 filed Apr. 26, 2010, which is hereby incorporated byreference herein in its entirety.

What is claimed is:
 1. An image sending apparatus comprising: one ormore memory devices storing instructions for execution by one or moreprocessors; and the one or more processors, operable when executing theinstructions to: receive a password; perform processing for firstauthentication using the password to allow a user to set a sendingmethod from among a plurality of different sending methods for sendingimage data; store the password in response to a result of the firstauthentication being an authentication success result; set a sendingmethod for sending the image data to a destination based on a userinstruction; determine, based on setting information associated with theset sending method for sending the image data to the destination,whether to use the stored password as a password for secondauthentication required to send the image data to the destination; andperform processing for the second authentication, wherein, in responseto determining to use the stored password as the password for the secondauthentication, the processing for the second authentication isperformed with use of the stored password, and, in response todetermining not to use the stored password as the password for thesecond authentication, the processing for the second authentication isperformed without use of the stored password.
 2. The image sendingapparatus according to claim 1, wherein the destination is set by one ofa plurality of different setting methods, and wherein the determiningwhether to use the stored password as the password for the secondauthentication is further based on the setting method by which thedestination is set.
 3. The image sending apparatus according to claim 2,wherein the plurality of different setting methods include at least anyof the following setting methods: (1) selecting a destination to whichthe image data is to be sent from a destination table stored at astorage unit; (2) setting a destination that is not stored in thedestination table, by an operation of the user; and (3) setting adestination associated with the user identified from an authenticationresult of the first authentication, the result of the firstauthentication being the authentication success result.
 4. The imagesending apparatus according to claim 1, wherein the one or moreprocessors are further operable when executing the instructions to:issue a notification to the user to prompt the user to enter a passwordrequired for the second authentication in response to determining not touse the stored password as the password for the second authentication.5. The image sending apparatus according to claim 1, wherein theplurality of different sending methods include any of an electronicmail, a file transfer with use of the SMB protocol, and a file transferwith use of the FTP protocol.
 6. The image sending apparatus accordingto claim 1, wherein the setting information associated with the setsending method includes information specifying an authentication methodto be applied to the second authentication, and wherein the determiningwhether to use the stored password as the password for the secondauthentication comprises identifying the authentication method byreferring to the setting information, and determining, in accordancewith the identified authentication method, whether to use the storedpassword as the password for the second authentication.
 7. A method inan image sending apparatus, the method comprising: receiving a password;performing processing for first authentication using the password toallow a user to set a sending method from among a plurality of differentsending methods for sending image data; storing the password in responseto a result of the first authentication being an authentication successresult; setting a sending method for sending the image data to adestination based on a user instruction; determining, based on settinginformation associated with the set sending method for sending the imagedata to the destination, whether to use the stored password as apassword for second authentication required to send the image data tothe destination; and performing processing for the secondauthentication, wherein, in response to determining to use the storedpassword as the password for the second authentication, the processingfor the second authentication is performed with use of the storedpassword, and, in response to determining not to use the stored passwordas the password for the second authentication, the processing for thesecond authentication is performed without use of the stored password.8. The method according to claim 7, wherein the destination is set byone of a plurality of different setting methods, and wherein thedetermining whether to use the stored password as the password for thesecond authentication is further based on the setting method by whichthe destination is set.
 9. The method according to claim 8, wherein theplurality of different setting methods include at least any of thefollowing setting methods: (1) selecting a destination to which theimage data is to be sent from a destination table stored at a storageunit; (2) setting a destination that is not stored in the destinationtable, by an operation of the user; and (3) setting a destinationassociated with the user identified from an authentication result of thefirst authentication, the result of the first authentication being theauthentication success result.
 10. The method according to claim 7,further comprising: issuing a notification to the user to prompt theuser to enter a password required for the second authentication inresponse to determining not to use the stored password as the passwordfor the second authentication.
 11. The method according to claim 7,wherein the plurality of different sending methods include any of anelectronic mail, a file transfer with use of the SMB protocol, and afile transfer with use of the FTP protocol.
 12. The method according toclaim 7, wherein the setting information associated with the set sendingmethod includes information specifying an authentication method to beapplied to the second authentication, and wherein the determiningwhether to use the stored password as the password for the secondauthentication comprises identifying the authentication method byreferring to the setting information, and determining, in accordancewith the identified authentication method, whether to use the storedpassword as the password for the second authentication.
 13. Anon-transitory computer-readable storage medium storing instructionsthat, when executed by one or more processors of an image sendingapparatus, cause the one or more processors to perform operationscomprising: receiving a password; performing processing for firstauthentication using the password to allow a user to set a sendingmethod from among a plurality of different sending methods for sendingimage data; storing the password in response to a result of the firstauthentication being an authentication success result; setting a sendingmethod for sending the image data to a destination based on a userinstruction; determining, based on setting information associated withthe set sending method for sending the image data to the destination,whether to use the stored password as a password for secondauthentication required to send the image data to the destination; andperforming processing for the second authentication, wherein, inresponse to determining to use the stored password as the password forthe second authentication, the processing for the second authenticationis performed with use of the stored password, and, in response todetermining not to use the stored password as the password for thesecond authentication, the processing for the second authentication isperformed without use of the stored password.
 14. The non-transitorycomputer-readable storage medium according to claim 13, wherein thedestination is set by one of a plurality of different setting methods,and wherein the determining whether to use the stored password as thepassword for the second authentication is further based on the settingmethod by which the destination is set.
 15. The non-transitorycomputer-readable storage medium according to claim 14, wherein theplurality of different setting methods include at least any of thefollowing setting methods: (1) selecting a destination to which theimage data is to be sent from a destination table stored at a storageunit; (2) setting a destination that is not stored in the destinationtable, by an operation of the user; and (3) setting a destinationassociated with the user identified from an authentication result of thefirst authentication, the result of the first authentication being theauthentication success result.
 16. The non-transitory computer-readablestorage medium according to claim 13, the operations further comprising:issuing a notification to the user to prompt the user to enter apassword required for the second authentication in response todetermining not to use the stored password as the password for thesecond authentication.
 17. The non-transitory computer-readable storagemedium according to claim 13, wherein the plurality of different sendingmethods include any of an electronic mail, a file transfer with use ofthe SMB protocol, and a file transfer with use of the FTP protocol. 18.The non-transitory computer-readable storage medium according to claim13, wherein the setting information associated with the set sendingmethod includes information specifying an authentication method to beapplied to the second authentication, and wherein the determiningwhether to use the stored password as the password for the secondauthentication comprises identifying the authentication method byreferring to the setting information, and determining, in accordancewith the identified authentication method, whether to use the storedpassword as the password for the second authentication.